29th May 2019
Following on from our successful Insight into Cyber Crime event last Autumn, we’re frequently asked what risks and cover businesses should be considering to protect themselves from financial or reputational losses that could arise from a cyber-attack or data-breach. While the protection you might need for your business will vary from another business, there are some common concepts to understand for all of us.
What types of incidents are we talking about?
With so many aspects of our personal and professional lives being connected by the web, most businesses will manage their customer information digitally, bank electronically, have automated re-ordering as well as storing commercially sensitive details around products, patents, finance and staffing. Anything that exposes or compromises these kinds of information represents a risk to a business. These risks are not limited to active criminal behaviour by hackers but can also simply be down to something like the wrong document being emailed outside of the business. Common incidents include:
- IT system & security failures.
- Cyber attacks.
◦ Data breaches resulting in loss of customer data or commercially-sensitive information
◦ Extortion/Ransomware demands.
- Human error.
- Lost laptops and mobile phones.
What kind of damages are companies suffering?
The immediate issues that can result are business interruption, corporate liabilities under GDPR regulations and reputational damage. Recent research has tried to put a direct figure on this and found that cyber breaches cost the average small business £27,500 in basic ‘clear-up’ costs every year. Those costs are incurred on things like paying ransoms, compensating customers, replacing hardware and updating security software. An IBM study of larger global businesses put the average cost of a data breach at around $3m.
How can businesses protect themselves?
80% of all breaches happen because of human error– for example, staff unwittingly allowing viruses or hackers into a company system. With this in mind, simply thinking that it is purely an IT issue is not a robust-enough approach. To make things harder for hackers trying to exploit the human weakness angle a business should make sure they have the following in place:
• Cyber Security strategy
• Practical, monitored IT usage policies including password rules, firewalls and appropriate IT infrastructure
• Suitable device security for all hardware used to access company information (phones, laptops,)
• Secure, encrypted file storage for all company records and
• Cyber Insurance
What areas does cyber insurance cover?
Cyber policies are specifically designed to fill many of the cyber coverage gaps that traditional policies do not cover. Cyber policies provide specific coverages for losses caused by computer viruses, denial of service attacks, and the digital release of third-party information. They are also designed to cover costs associated with the replacement of digital assets, business interruption and extortion; and provide coverage for the cost of compliance with regulatory bodies.
Traditional policies just don’t give this type of cover. Businesses should be making it a priority to assess their possible exposure in the event of a cyber-breach and double check their existing policies to see if they provide cover for the kinds of cyber-related risks covered above.
Does this really apply to my business?
Almost certainly- unless you’re not using computers to access the internet, receive email, store customer data, run your financial systems and process orders. A recent Hiscox insurance article estimates that small businesses in the UK are targeted 65,000 times each day. With that level of activity and attacks becoming increasingly intricate and complex it makes sense to give this area some thought now
That’s without discussing the impact on your business if one of your suppliers, your card-processing system or good customers suffer a cyber-attack.
Venture can help you find cyber cover tailored for your business; please get in touch to find out a little more. Call your usual contact or 0117 325 0641 and ask for Ian who can discuss options with you.